The present invention generally relates to a reliable document verification system and, in particular, relates to a reliable document verification system using a public key cryptosystem.
Throughout history one of the tasks undertaken by many people and organizations has been proving the authenticity of the information content of documents. The importance of actually proving the authenticity of a document can range from merely identifying a signature to verifying military and/or political intelligence. Further, as often as one tries to demonstrate the authenticity of a document, there is usually at least one party that attempts to forge a document. Hence, there has been, and probably will continue to be, an ongoing struggle to be able to reliably verify documents.
Over the years technological advances have brought new meaning to the word "document". Today, a document may be, for example, an electronically generated receipt from a banking machine or a digitized recording on an optical recording disk. For the purpose of this patent application, therefore, the word "document" should be interpreted to include any information placed on any medium including, but not limited to, magnetic disks, optical disks or paper.
Another, similar task that has just as colorful a history as document authentication is the secure communication of information commonly includes the use of encryption/decryption techniques. Similar to the forger referred to above, there is usually at least one party that is interested in either stealing the information being communicated that has been encrypted or supplying false information in an encrypted format so that the receiver thereof is disinformed, or both. Hence, throughout history various encryption/decryption schemes have been developed that, at least for a time, were thought to be secure only to discover that the security had been compromised. Again, technological advances have considerably changed the field of cryptography. For example, with modern computers many cryptographic techniques can be broken in a relatively short period of time due, primarily, to the speed that computers perform mathematical operations.
One presently secure cryptographic technique is generally known as the public key cryptographic system. One particular form of such a system is fully described and discussed in the basic article entitled "A Method For Obtaining Digital Signatures and Public Key Cryptosystems" by R. L. Rivest, A. Shamir and L. Adelmann, Volume 21 #2, February 1978, Communications of ACM pages 120-126. This particular system is frequently referred to as the RSA public key cryptosystem.
Public key techniques, as pointed out in the article entitled "Public Key Cryptography" by John Smith, in the January 1983 edition of Byte Magazine, pages 189-218, usually include two different kinds of keys: encryption keys and decryption keys. These keys includes the properties that: a) it is possible to compute a pair of keys including an encryption key and a decryption key; b) such that, for each pair, the decryption key that is not the same as the encryption key; and c) it is not feasible to compute the decryption key even from the knowledge of the encryption key. In addition, in such a cryptosystem, the encryption and decryption keys are functionally reversible, i.e. if one key is used to encrypt the other key can be used to decrypt whatever has been encrypted.
As known, the name "public key" is derived from the fact that each party's encryption key can be made available, i.e. public, to all parties subscribing to the particular public key network involved. Hence, as currently used, public key cryptographic systems are designed for the direct communication between any two subscribing parties, each party having an unpublished decryption key and a published encryption key.
The public key cryptographic system has also found use in providing accurate identification of the source of a document. As discussed on pages 217-218 of the Smith article, a sender can effectively sign a message by first encrypting the message, or an authenticating portion thereof, such as, for example, the name of the sender, using the private decryption key of the sender and then encrypt the message with the public encryption key of the receiving party. This results in a message portion that only the sender could have created and only the receiver can read. Hence, two party communication can, so long as public key cryptographic systems are secure, be implemented in such a fashion that the authenticity of a document can be ensured.
Nonetheless, there remain many instances where there is a need, or desire, for a third party to authenticate a document relevant to, or communicated between, two other parties. One example of such a situation would exist if a first party were required, or simply desired, to prove, or demonstrate, the authenticity of a particular document to a second party. In such a situation, it could be most beneficial if a third party could provide a means for authenticating that document. One particular situation that could exist would be where a dispute over the authenticity of a document arose between two parties and an impartial third party was selected to resolve the issue to the satisfaction of both parties. Such a situation might arise when, in accordance with an agreement between two parties, one of the parties was to maintain certain records such that the second party could review those records to ensure compliance with the agreement. In such a situation it would be most beneficial if a third party were available to demonstrate the accuracy/inaccuracy of the records to the auditing second party.
One solution to the problems described above is set forth in U.S. Pat. No. 4,853,961; to: Pastor; issued: Aug. 1, 1988; for: Reliable Document Authentication System. This patent discloses a system wherein information from a document, preferably postage information from a mailpiece is encrypted using an encryption key E.sub.i and incorporated with the document. The corresponding decryption key D.sub.i is encrypted with a second encryption key E.sub.1 and also incorporated with the document. To verify the document as authenticate a party wishing to verify the document is provided with the decryption key D.sub.1 corresponding to encryption key El, recovers key D.sub.i and decrypts the encrypted information, and compares it to the information originally in the document. The Pastor patent contemplates that all keys are provided by a trusted third party and thus the verifying party may be assured that the document has not been changed after the encrypted information was incorporated.
A particular application of this document verification technique is disclosed in commonly assigned, co-pending U.S. patent application Ser. No. 07/979,081; by; Marcus; filed: Nov. 20, 1992; for: Secure Identification Card and Method and Apparatus For Producing And Authenticating Same. Marcus discloses a system for producing and verifying identification cards; that is documents which serve to prove the identity and status of an associated person or other entity. In this application the encrypted information from the identification card would include information describing the person or other entity to be identified. Particularly, the encrypted information may include information representative of an image of a person to be identified. A typical example of such an identification card would be a driver's license which serves to identify the bearer and to confirm the bearer's status as a licensed driver.
As is well known, driver license's and similar identification cards are used not only for their intended purpose, but are also frequently used by third parties to verify the identity, age, etc. of the bearer. For example, retail establishments frequently wish to verify a driver's license before cashing a check or selling liquor. The system disclosed in the Marcus application is particularly adapted to this, since the keys provided to third parties will not allow the third party to forge false documents, as would be possible using single key systems.
While the system disclosed in the Marcus application is believed highly satisfactory for its intended purpose, it does not contemplate the problem of third party who wishes to verify documents from a number of sources. For example, a bar owner close to a state line may wish to have the capability to verify driver licenses from one or more neighboring states, while a similar bar owner in the middle of the state may have no need for such capability, while a retailer located near a popular tourist attraction may have a need to verify driver's licenses from all over the United States.
Consequently, it would be highly desirable to provide a method and apparatus for reliably validating documents in general and, in particular, to reliably validate documents belonging to a plurality of classes.